Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
The TACACS client and server use the MD5 algorithm to encrypt HWTACACS messages
before exchanging them. Each party verifies the validity of the HWTACACS messages
it receives by using the shared key that has been set on it, and the two parties
can accept and respond to each other's messages only when both have the same
shared key.
Table 1-28 Configure shared keys for HWTACACS messages
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set a shared key for HWTACACS authentication, authorization or accounting messages | key { accounting \| authorization \| authentication } string | Required. By default, no such key is set. |
1.5.6 Configuring the Attributes for Data to be Sent to TACACS Servers
Table 1-29 Configure the attributes for data to be sent to TACACS servers
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set the format of the user names to be sent to TACACS server | user-name-format { with-domain \| without-domain } | Optional. By default, the user names sent from the switch to TACACS server carry ISP domain names. |
| Set the units of data flows to TACACS servers | data-flow-format data { byte \| giga-byte \| kilo-byte \| mega-byte } | Optional. By default, in a TACACS scheme, the data unit and packet unit for outgoing HWTACACS flows are byte and one-packet respectively. |
| | data-flow-format packet { giga-packet \| kilo-packet \| mega-packet \| one-packet } | |